package jdbc;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

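/**
 * SELECT statement demo: looks up a row in {@code userinfo} by username and
 * password through a {@link PreparedStatement}.
 *
 * <p>The password parameter is deliberately set to a classic SQL-injection
 * string. Because the value is bound to a {@code ?} placeholder instead of
 * being concatenated into the SQL text, it is compared as an ordinary string
 * and cannot change the structure of the WHERE clause. The demo is therefore
 * expected to print the "login failed" message unless a stored password is
 * literally that string.
 *
 * <p>NOTE(review): comparing {@code password=?} inside the query suggests the
 * column holds plaintext passwords -- confirm against the schema. A real login
 * path would fetch a salted password hash (bcrypt/scrypt/argon2) by username
 * and verify it in application code.
 */
public class JDBCDemo6 {
    /**
     * Runs the login query once with hard-coded demo credentials and prints
     * whether a matching row was found.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // The SQL text is a fixed string; user-controlled values only ever
        // travel through the two ? placeholders.
        String sql = "SELECT id,username,password,nickname,age " +
                     "FROM userinfo " +
                     "WHERE username=? AND password=?";
        // Statement and result set are closed explicitly (in reverse order)
        // rather than relying on Connection.close() to release them.
        try (
            Connection conn = DBUtil.getConnection();
            PreparedStatement ps = conn.prepareStatement(sql)
        ) {
            ps.setString(1, "王克晶");
            // Presumably the genuine password for this demo account; swap it
            // back in to see the successful path.
            // ps.setString(2,"666666");
            // Injection-style input: bound as data, so it is matched literally
            // against the password column.
            ps.setString(2, "' OR '1'='1");
            try (ResultSet rs = ps.executeQuery()) {
                // Any returned row counts as a successful login.
                if (rs.next()) {
                    System.out.println("登录成功"); // "login succeeded"
                } else {
                    System.out.println("登录失败"); // "login failed"
                }
            }
        } catch (SQLException e) {
            // Acceptable for a console demo; production code should log via a
            // logger and avoid exposing SQL error details to end users.
            e.printStackTrace();
        }
    }
}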
